Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

406 advisories

Loading
salt password information leaked in debug logs Critical
CVE-2015-6941 was published for salt (pip) May 17, 2022
Salt allows deleted minions to read or write to minions with the same id Critical
CVE-2016-9639 was published for salt (pip) May 17, 2022
Code injection in rope Critical
CVE-2014-3539 was published for rope (pip) Jul 26, 2018
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-12791 was published for salt (pip) May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-14695 was published for salt (pip) May 17, 2022
pysaml2 Improper Authentication vulnerability Critical
CVE-2017-1000433 was published for pysaml2 (pip) Jul 13, 2018
tdunlap607
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation Critical
CVE-2024-22416 was published for pyload-ng (pip) Jan 19, 2024
PinkDraconian kaydoda
Poetry before v1.1.9 contains Untrusted Search Path Critical
CVE-2022-26184 was published for poetry (pip) Mar 23, 2022
pydash Command Injection vulnerability Critical
CVE-2023-26145 was published for pydash (pip) Sep 28, 2023
PyArrow: Arbitrary code execution when loading a malicious data file Critical
CVE-2023-47248 was published for pyarrow (pip) Nov 9, 2023
pitrou r3kumar
Unsafe pyyaml load usage in PyAnyAPI Critical
CVE-2017-16616 was published for pyanyapi (pip) May 13, 2022
westonsteimel
SQL Injection in pycsw Critical
CVE-2016-8640 was published for pycsw (pip) Aug 15, 2018
Potential buffer overflow in psd-tools Critical
CVE-2020-10571 was published for psd-tools (pip) Mar 16, 2020
py7zr directory traversal vulnerability Critical
CVE-2022-44900 was published for py7zr (pip) Dec 6, 2022
Buffer Overflow in pycrypto Critical
CVE-2013-7459 was published for pycrypto (pip) Dec 14, 2018
pwntools Server-Side Template Injection (SSTI) vulnerability Critical
CVE-2020-28468 was published for pwntools (pip) Apr 20, 2021
Plone Unauthenticated Write Vulnerability Critical
CVE-2020-7941 was published for Plone (pip) May 24, 2022
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18705 was published for quokka (pip) Aug 30, 2021
Improper Restriction of XML External Entity Reference in Quokka Critical
CVE-2020-18703 was published for quokka (pip) Aug 30, 2021
Radicale vulnerable to arbitrary file read or write Critical
CVE-2015-8747 was published for Radicale (pip) May 17, 2022
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution Critical
CVE-2017-18342 was published for pyyaml (pip) Jan 4, 2019
python-jose failure to use a constant time comparison for HMAC keys Critical
CVE-2016-7036 was published for python-jose (pip) May 17, 2022
Remote code execution in pytorch lightning Critical
CVE-2024-5452 was published for lightning (pip) Jun 6, 2024
colbybr
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection Critical
CVE-2024-37301 was published for document-merge-service (pip) Jun 11, 2024
c0rydoras
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database